[pkg-bacula-commits] [bacula] 03/04: Add another patch for OpenSSL 1.1 support by Sebastian Andrzej Siewior <sebastian at breakpoint.cc>

Carsten Leonhardt leo at moszumanska.debian.org
Sun Nov 12 13:17:24 UTC 2017 

This is an automated email from the git hooks/post-receive script.

leo pushed a commit to branch openssl1.1
in repository bacula.

commit ffdc26406c76b4899010434c0cfb586a2db57afc
Author: Carsten Leonhardt <leo at debian.org>
Date:   Sun Nov 12 14:15:12 2017 +0100

    Add another patch for OpenSSL 1.1 support by Sebastian Andrzej Siewior
    <sebastian at breakpoint.cc>
---
 ...ove-most-of-OpenSSL-initcallbacks-for-1.1.patch | 171 +++++++++++++++++++++
 debian/patches/series                              |   1 +
 2 files changed, 172 insertions(+)

diff --git a/debian/patches/openssl1.1_1001-crypto-remove-most-of-OpenSSL-initcallbacks-for-1.1.patch b/debian/patches/openssl1.1_1001-crypto-remove-most-of-OpenSSL-initcallbacks-for-1.1.patch
new file mode 100644
index 0000000..6de2169
--- /dev/null
+++ b/debian/patches/openssl1.1_1001-crypto-remove-most-of-OpenSSL-initcallbacks-for-1.1.patch
@@ -0,0 +1,171 @@
+From 7eb1f97ca3a154818ff42e3259899fbc94140fbc Mon Sep 17 00:00:00 2001
+From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
+Date: Thu, 9 Nov 2017 21:55:20 +0100
+Subject: [PATCH] crypto: remove most of OpenSSL initcallbacks for 1.1
+
+In OpenSSL 1.1 the thread model atomically initialized the library so
+there is no need to invoke the init calls, like it was needed for 1.0.2
+and earlier. The may be needed for non-standard inits like no-error
+strings or so (not the case here). So the ifdef avoids them.
+
+Also, in 1.1 there is no need to teach OpenSSL how to do locking and so
+on. Infect, those functions are null-macros as for 1.0.2 compat. So
+another ifdef avoids them, too.
+
+I made four function static and removed them the header file since they
+don't seem to be used outside of that openssl.c file.
+
+This leaves us the 1.1 init part down to openssl_seed_prng(). I would
+actually suggest to get rid of it. OpenSSL is able to gather some
+entropy if needed. I don't think reading 2x 1024KiB from system's
+entropy on each invocation of the program is wise. But I leave it to
+the maintainer to make a decision, I just point it out.
+
+Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
+---
+ src/lib/openssl.c | 33 ++++++++++++++++++---------------
+ src/lib/openssl.h |  4 ----
+ 2 files changed, 18 insertions(+), 19 deletions(-)
+
+diff --git a/src/lib/openssl.c b/src/lib/openssl.c
+index 64b0e96009a7..d43b3c1344d5 100644
+--- a/src/lib/openssl.c
++++ b/src/lib/openssl.c
+@@ -41,15 +41,6 @@
+ 
+ /* Are we initialized? */
+ static int crypto_initialized = false;
+-
+-/* Array of mutexes for use with OpenSSL static locking */
+-static pthread_mutex_t *mutexes;
+-
+-/* OpenSSL dynamic locking structure */
+-struct CRYPTO_dynlock_value {
+-   pthread_mutex_t mutex;
+-};
+-
+ /*
+  * ***FIXME*** this is a sort of dummy to avoid having to
+  *   change all the existing code to pass either a jcr or
+@@ -61,7 +52,6 @@ void openssl_post_errors(int code, const char *errstring)
+    openssl_post_errors(NULL, code, errstring);
+ }
+ 
+-
+ /*
+  * Post all per-thread openssl errors
+  */
+@@ -79,6 +69,15 @@ void openssl_post_errors(JCR *jcr, int code, const char *errstring)
+    }
+ }
+ 
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
++/* Array of mutexes for use with OpenSSL static locking */
++static pthread_mutex_t *mutexes;
++
++/* OpenSSL dynamic locking structure */
++struct CRYPTO_dynlock_value {
++   pthread_mutex_t mutex;
++};
++
+ /*
+  * Return an OpenSSL thread ID
+  *  Returns: thread ID
+@@ -151,12 +150,11 @@ static void openssl_update_static_mutex (int mode, int i, const char *file, int
+  *  Returns: 0 on success
+  *           errno on failure
+  */
+-int openssl_init_threads (void)
++static int openssl_init_threads (void)
+ {
+    int i, numlocks;
+    int stat;
+ 
+-
+    /* Set thread ID callback */
+    CRYPTO_set_id_callback(get_openssl_thread_id);
+ 
+@@ -185,7 +183,7 @@ int openssl_init_threads (void)
+ /*
+  * Clean up OpenSSL threading support
+  */
+-void openssl_cleanup_threads(void)
++static void openssl_cleanup_threads(void)
+ {
+    int i, numlocks;
+    int stat;
+@@ -216,13 +214,14 @@ void openssl_cleanup_threads(void)
+    CRYPTO_set_dynlock_destroy_callback(NULL);
+ }
+ 
++#endif
+ 
+ /*
+  * Seed OpenSSL PRNG
+  *  Returns: 1 on success
+  *           0 on failure
+  */
+-int openssl_seed_prng (void)
++static int openssl_seed_prng (void)
+ {
+    const char *names[]  = { "/dev/urandom", "/dev/random", NULL };
+    int i;
+@@ -247,7 +246,7 @@ int openssl_seed_prng (void)
+  *  Returns: 1 on success
+  *           0 on failure
+  */
+-int openssl_save_prng (void)
++static int openssl_save_prng (void)
+ {
+    // ***FIXME***
+    // Implement PRNG state save
+@@ -262,6 +261,7 @@ int openssl_save_prng (void)
+  */
+ int init_crypto (void)
+ {
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+    int stat;
+ 
+    if ((stat = openssl_init_threads()) != 0) {
+@@ -278,6 +278,7 @@ int init_crypto (void)
+ 
+    /* Register OpenSSL ciphers and digests */
+    OpenSSL_add_all_algorithms();
++#endif
+ 
+    if (!openssl_seed_prng()) {
+       Jmsg0(NULL, M_ERROR_TERM, 0, _("Failed to seed OpenSSL PRNG\n"));
+@@ -309,6 +310,7 @@ int cleanup_crypto (void)
+       Jmsg0(NULL, M_ERROR, 0, _("Failed to save OpenSSL PRNG\n"));
+    }
+ 
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
+    openssl_cleanup_threads();
+ 
+    /* Free libssl and libcrypto error strings */
+@@ -319,6 +321,7 @@ int cleanup_crypto (void)
+ 
+    /* Free memory used by PRNG */
+    RAND_cleanup();
++#endif
+ 
+    crypto_initialized = false;
+ 
+diff --git a/src/lib/openssl.h b/src/lib/openssl.h
+index 597517a4fd68..9374a581c735 100644
+--- a/src/lib/openssl.h
++++ b/src/lib/openssl.h
+@@ -39,10 +39,6 @@
+ #ifdef HAVE_OPENSSL
+ void             openssl_post_errors     (int code, const char *errstring);
+ void             openssl_post_errors     (JCR *jcr, int code, const char *errstring);
+-int              openssl_init_threads    (void);
+-void             openssl_cleanup_threads (void);
+-int              openssl_seed_prng       (void);
+-int              openssl_save_prng       (void);
+ #endif /* HAVE_OPENSSL */
+ 
+ #endif /* __OPENSSL_H_ */
+-- 
+2.15.0
+
diff --git a/debian/patches/series b/debian/patches/series
index 93ec5c4..04a43b7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -16,3 +16,4 @@ openssl1.1_0002-crypto-Add-a-tiny-OpenSSL-compat-level.patch
 openssl1.1_0003-crypto-Use-DEFINE_STACK_OF.patch
 openssl1.1_0004-crypto-convert-EVP_MD_CTX-EVP_CIPHER_CTX-to-OpenSSL-.patch
 openssl1.1_0005-crypto_-convert-EVP_PKEY-access-and-remainings-bits-.patch
+openssl1.1_1001-crypto-remove-most-of-OpenSSL-initcallbacks-for-1.1.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-bacula/bacula.git

More information about the pkg-bacula-commits mailing list